TECHNICAL SPECIFICATIONS

Services Supported

Bootp, http, irc, netstat, pop3, SNMP, tftp, pptp, dns, https, kerberos, nntp, rip, ssh, who, RADIUS, eigrp, ident, LDAP, ntp, rip2, syslog, shell, X11, exec, gmp, login, OSPF, rlogin, telnet, talk, H.323, SIP, ftp, imap, mbone, ping, rsh, traceroute, lotus notes, VoIP/SIP, Gopher, IPSec, netbios, pointcast, mtp, sql*net

Any IP protocol (user definable)

Any IP protocol + layer 4 ports (user definable)

Support for non-IP protocols as defined by SAP/Ethertype

Layer-7 Application Support

Application Filter architecture supports layer-7 protocol inspection (deep packet inspection) for command and protocol validation, protocol anomaly detection, dynamic channel pinholes and application layer address translation. Application filters include http, ftp, RPC, tftp, H.323/H.323 RAS, SMTP, Oracle SQL*Net, NetBIOS, ESP, DHCP Relay, DNS, GTP, and SIP

Firewall Attack Detection and Protection

Generalized Day 0 anomaly-based flood protection with patent-pending Intelligent Cache Management Protections

SYN flood protection to specifically protect inbound servers, e.g. Web servers, from inbound TCP SYN floods

Strict TCP validation to ensure TCP session state enforcement, validation of sequence and acknowledgement numbers, rejection of bad TCP flag combinations

Initial Sequence Number (ISN) rewriting for weak TCP stack implementations

Fragment flood protection with robust fragment reassembly, ensures no partial or overlapping fragments are transmitted

Generalized IP packet validation including detection of malformed packets

DoS mitigations for over 190 DoS attacks, including ping of death, land attack, tear drop attack, etc.

Drops bad IP options as well as source route options

Connection rate limits to minimize effects of new attacks.

QoS/Bandwidth Management

Classified by physical port, virtual firewall, firewall rule, session bandwidth guarantees – Into and out of virtual firewall, allocated in bits/second

Bandwidth limits - Into and out of virtual firewall, allocated in bits/second, packets/session, sessions/second

ToS/DiffServ marking and matching

Integrated with application layer filters

Content Security

HTTP Filter Keyword support integrated with HTTP Application Filter

Basic content filtering with configurable whitelist/blacklist and content keyword matching.

URL redirection for blacklist sites

Rules-based routing feature for HTTP, SMTP and FTP features (Security Management Server v9.1 or later)

Interoperates with all 3rd party Anti-virus, Anti-Spam, and Content Filtering systems

Redirects only protocol-specific packets to 3rd party systems performing Anti-virus, Anti-spam, and content filtering services.

Application-layer protocol command recognition and filtering

Application-layer command line length enforcement

Unknown protocol command handling

Extensive session-oriented logging for application-layer commands and replies

Hostile mobile code blocking (Java®, ActiveX™)

Firewall User Authentication

Browser-based authentication allows authentication of any user protocol

Built-in internal database – user limit 10,000

Local passwords, RADIUS, SecurID

User assignable RADIUS attributes

Certificate authentication

VPN

Maximum number of dedicated VPN tunnels – 7,500

Manual Key, IKEv1, IKEv2, DoD PKI, X.509

3DES (168-bit), DES (56-bit)

AES (128, 192, 256-bit)

SHA-1 and MD5 authentication/integrity

Replay attack protection

Remote access VPN

Site-to-site VPN

IPSec NAT Traversal/UDP encapsulated IPSec

IKEv2 IPSec NAT Traversal and dead peer detection

LZS compression

Spliced and nested tunneling

Fully meshed or hub and spoke site-to-site VPN

VPN Authentication

Local passwords, RADIUS, SecurID, X.509 digital certificates

PKI Certificate requests (PKCS 12)

Automatic LDAP certificate retrieval

DoD PKI

High Availability

VPN Firewall Brick security appliance to VPN Firewall Brick security appliance active/passive failover with full synchronization

400 millisecond device failure detection and activation

Session protection for firewall, VoIP and VPN

Link failure detection

Alarm notification on failover

Encryption and authentication of session synchronization traffic

Self-healing synchronization links

Pre-emption and IP tracking for improved health state checking

Seamless system upgrade with no downtime for redundant deployments

Alcatel-Lucent VPN Firewall Brick 1200


1200 specifications

Lucent Technologies 1200 is a cutting-edge piece of telecommunications equipment designed to enhance communication networks in a variety of settings. Introduced during the late 20th century as part of the company's portfolio of advanced networking solutions, the Lucent 1200 series integrated various technologies to optimize performance and support a broad range of applications.

One of the primary features of the Lucent Technologies 1200 is its robust modular design, which allows for easy upgrades and customization to fit specific needs. This scalability is particularly valuable in environments where traffic demands can vary significantly, such as in corporations, educational institutions, and governmental agencies. By accommodating different modules, including voice, data, and multimedia interfaces, the system can evolve alongside technological advancements and user requirements.

Another critical characteristic of the Lucent 1200 is its high-capacity processing capabilities. Designed to handle a substantial amount of simultaneous connections, the system employs advanced algorithms to manage bandwidth efficiently, ensuring minimal latency during peak usage times. This capability is essential for supporting applications that require real-time communication, such as video conferencing and VoIP services, which have become increasingly prevalent.

The Lucent Technologies 1200 also places a strong emphasis on reliability and redundancy. Incorporating fault tolerance mechanisms, the system can continue operating seamlessly in the event of hardware failures or network disruptions. This reliability is crucial for businesses that depend on uninterrupted communication for their operations, helping to mitigate potential financial setbacks due to downtime.

Security is another vital aspect of the Lucent 1200. The system incorporates various features to safeguard against unauthorized access and ensure the integrity of transmitted data. Encryption protocols and authentication processes work together to create a secure environment for sensitive information.

Finally, user-friendly management tools accompany the Lucent Technologies 1200, enabling network administrators to monitor performance, troubleshoot issues, and configure settings with ease. These tools are designed to provide real-time insights, empowering organizations to maintain optimal network performance proactively.

In summary, the Lucent Technologies 1200 stands out in the telecommunications landscape due to its modularity, high capacity, reliability, security features, and ease of management. It serves as an indispensable solution for organizations looking to enhance their communication infrastructure and adapt to the rapidly evolving technological landscape.